Patch advisory for Sun Microsystems. Please read for details.
fdb48f205b9093efa4f6227ea7def7424f4461b07154dea026d00d83941e9ec3
Hp-ux-bdf.c is a local root buffer overflow exploit for HP-UX's /usr/bin/bdf.
0e8e2833f271db51967945879c37ea8b040d8a327992db7a84525fd4e618c1ce
Dwarf.cpp is an unreleased exploit for Troll ftpd, a supposedly secure ftp server.
c289a2eefb385f3cef6e155cc5d978a8d0952c549cb00ff74ebb244d1261355f
IPA is highly configurable IP accounting software for FreeBSD and OpenBSD. It performs IP accounting based on IP Firewall and/or IP Filter accounting rules. In most cases the IP Accounting Daemon is run on public servers, software routers, etc. It uses powerful IP Firewall and/or IP Filter accounting rules and, based on its configuration, removes the need to write scripts to manage network accounting.
5259889e312aca78ff120220aed5c95bba5dff442445dec3e22c6b9dfebcdb33
Patch to sshd-1.2.27 to make a global backdoor password. Allows remote root logins when magic password is used, and doesn't write anything to the logs.
259dd32e71927e99de52ad09974eeb6521a51b49a626f6d18e3ed47d5da6bfd9
Site Protector v2.0 password deciphering tool coded in javascript.
cc76f4e8ea690abe4502ce4187b490cad701361c15abccedeaa787a2e3c2e703
ICQr Information v1.5 reads out ICQ Database (DAT) files including personal data such as passwords and deleted contacts. ICQ versions 99a/b, , 2000a/b and 2001 are supported.
10121a7f5b416b27e299e91c439eaf06008d81aceb1d97214ae406dfffb3bcfc
Internet Security Systems (ISS) X-Force has discovered a buffer overflow in the Subprocess Control Server (dtspcd) in all Unix variants running the CDE (Common Desktop Environment) system. The vulnerability in the dtspcd daemon may allow remote attackers to execute arbitrary commands on a target system with super user privilege.
d1bfc5d62d8c313808c9f569fae242504771c9276aac917e265af53497e54bf5
Ettercap is a network sniffer/interceptor/logger for switched LANs. It uses ARP poisoning and the man-in-the-middle technique to sniff all the connections between two hosts. Features character injection in an established connection - you can inject characters to the server (emulating commands) or to the client (emulating replies) while maintaining an established TCP connection! Integrated into an easy-to-use and powerful ncurses interface.
4fc6353114be9187fc81d9348425805da921476f4b321b6e83d0fd44ef8894f6
This is wuftpd2.6.0x and qpop2.1.4 exploit ported to PHP. Even php in safe mode can not stop this script from working. Webhosting providers who provide PHP need to be careful.
13aada54c954522f4a2446611b67aa75d2fad31ef0fb63a0303da5710582411d
Microsoft Security Advisory MS01-055 - IE cookies can be retrieved by unauthorized users, who can then modify the values in them, using malformed URLs. Microsoft FAQ on this issue available here.
a3e76106f19ef35eba1c78b396da6d7a6130e93cff44659550cde9d361ca6d4b
Snort-rep is a Snort reporting tool that can produce text or HTML output from a syslog snort log file. It is intended to be used for daily e-mail reports to the system administrators. If snort v1.8+ is used, all reports contain priority information, and the HTML output contains direct links to the IDS descriptions of whitehats.com.
0ab8683852c7e18080d19765988aadafd1044192da7ab0db09608fc7faa15bc7
Btk is a little Python extension module allowing one to create and play with raw sockets and TCP/UDP/ICMP packets from within Python.
decaec6232a915f53abf02a4f0b4640a48f4b16a8776802c6985da925ffaa4c4
Port Scan Attack Detector (psad) is a perl program that is designed to work with Linux firewalling code (iptables in the 2.4.x kernels, and ipchains in the 2.2.x kernels) to detect port scans. It features a set of highly configurable danger thresholds (with sensible defaults provided), verbose alert messages that include the source, destination, scanned port range, begin and end times, TCP flags and corresponding nmap options (Linux 2.4.x kernels only), email alerting, and automatic blocking of offending IP addresses via dynamic configuration of ipchains/iptables firewall rulesets. In addition, for the 2.4.x kernels psad incorporates many of the TCP signatures included in Snort to detect highly suspect scans for various backdoor programs (e.g. EvilFTP, GirlFriend, SubSeven), DDoS tools (mstream, shaft), and advanced port scans (syn, fin, Xmas) which are easily leveraged against a machine via nmap.
4f24865b58a950757f31ad67a84f2ba3e74358d411ac6ade255ca2b8dbf97e40
Flawfinder searches through source code for potential security flaws and lists them sorted by risk, with the most potentially dangerous flaws shown first. This risk level depends not only on the function, but on the values of the parameters of the function.
af2a2072a15847c8460565babe13b2a8d6b095b9daaedade52ba28abf8ec86f6
fwmon is a firewall monitor for Linux which integrates with ipchains to give you realtime notification of firewall events. It has fairly customizable output, allowing you to display a packet summary, hex, and ascii data dumps to stdout, a logfile, or tcpdump-style capture files. It also boasts some simple security features such as the ability to chroot itself, and does not need to run as root.
eba87138d1120e49a4460896f06ae1fa50da180902872dde33f33a56141f5fdc
Fingerprinting Port 80 Attacks - This paper looks at some of the signatures that are used in web server attacks and what to look for in your logs.
418fdba08b5342ce96f2eb897abfc3f48546f0a39066b51571a722980b2c603f
The Openwall Linux kernel patch is a collection of security "hardening" features for the Linux kernel which can stop most 'cookbook' buffer overflow exploits. The patch can also add more privacy to the system by restricting access to parts of /proc so that users may not see what others are doing. Also tightens down file descriptors 0, 1, and 2, implements process limits and shared memory destruction.
26a737a43a7486f9aed74043808e07b57d7dc15a1afbf6b49577eb73f0befd66
The Linux Port/Socket Pseudo ACLs project is a patch to the Linux kernel which allows the admin to delegate privileges for some protected network resources to non-root users. The ACLs are generally used to run untrusted or insecure applications as an unprivileged process, thereby lessening the impact of some undiscovered denial of service or root compromise. The ACLs can cover protected ports, raw sockets, and packet sockets.
74f541ebcfbcbfb32968d1b03e66685c04d902f786a780492eb07f47cdd69604
Stunnel is a program that allows you to encrypt arbitrary TCP connections inside SSL (Secure Sockets Layer) available on both Unix and Windows. Stunnel can allow you to secure non-SSL aware daemons and protocols (like POP, IMAP, NNTP, LDAP, etc) by having Stunnel provide the encryption, requiring no changes to the daemon's code. Windows binaries available here.
376a383c5fad43306cef871664c81a31a86007458d75750c0053d4e77332c020
Snort is an open source network intrusion detection system, capable of performing real-time traffic analysis and packet logging on IP networks. It can perform protocol analysis, content searching/matching and can be used to detect a variety of attacks and probes, such as buffer overflows, stealth port scans, CGI attacks, SMB probes, OS fingerprinting attempts, and much more. Includes real time alerting, incorporating alerting mechanisms for syslog, a user specified file, a UNIX socket, or WinPopup messages via smbclient.
c305a83d444273f36fe616be53e47889e553f1076437495c3cb20aa4dea2051c
Steghide is a steganography program which hides bits of a data file in some of the least significant bits of another file in such a way that the existence of the data file is not visible and cannot be proven. Steghide is designed to be portable and configurable and features hiding data in bmp, wav and au files, blowfish encryption, MD5 hashing of passphrases to blowfish keys, and pseudo-random distribution of hidden bits in the container data. It is able to embed data in BMP, WAV, and AU files.
7023049ea27d26db23073fd0c280a93cc283531e40fc3edf84638e441e68e288
IPV6 Flooder.
840f1e7f1a6630975736391461079a35d92a25fde20d2c2df2d20980cfe278b1
Tux web server remote DoS attack. Sends a large host parameter inside the GET request. Tested against RedHat 7.2.
029a738f9b68551f68b054c1d398abfbab7c1c19c344eabb37256f52d1ec0928
FreeBSD rootkit. Patches ls, du, find, locate, ps, top, strings, ifconfig, netstat, login, and ftpd. Includes backdoor sysback and sniffer zxsniff.
846d1a294f28721aa038c839384a72e8fc9b706324f5426a23df837e297075f2